🦆2🦆 [🔐]

[matrix]

• per device keys
  • one time
  • fallback
  • each device has different keys
• verification via SAS
• SSSS backup for key access

PGP

• key pair per person
  • subitentities
• verification via keyservers
• private can decrypt everything

[matrix]

is

complex

Cryptographic device onboarding

• Each device has its own public-private key pair
• This key pair is called signing key
• Canonical JSON content is signed using these keys to ensure integrity
• Each account has a masterin key
• Each device signing key must be signed using the main key to ensure authenticity
• Once the device is trusted it can upload megolm session keys generate fallback keys and receive encrypted content

Device signing bootstrap

1. Device generates key pair and uploads to HS
2. Cross-signing device keys using the main key
   1. Either the device can open the main key and sign itself (in case we are the first device or verify via SSSS recovery)
   2. Otherwise another device must sign the newly added key after verification (e.g. SAS verification)

megolm session keys

• Each key used to encrypt one event
• Only encrypt to verified sessions
• Fallback onto persistent, rotating fallback keys per megolm session

SSSS

Secure Secret Storage and Sharing

[ssss]

• Encrypted storage for megolm sessions
• Used for online key backup
• Contains cross-signing keys

root of [trust]

SAS

short authentication [strings]

SAS verification [methods]

• String comparison
• Emoji comparison
• QR code
• [your unknown fourth option]

cross [signing]

• If you receive your own master key, you sign it with your own device key
• If you receive a device key of your own account, you sign it with your own self-signing key
• If you receive another persons master key, you sign it with your own user-signing key